Lazart: A Symbolic Approach for Evaluation the Robustness of Secured Codes against Control Flow Injections

In the domain of smart cards, secured devices must be protected against attackers with a high attack potential [1]. According to standards such as the Common Criteria [2], the vulnerability analysis must cover the current state of the art in terms of attacks. Nowadays, a classical type of attack is fault injection, conducted by means of laser-based techniques. We propose a global approach, called Lazart, to evaluate code robustness against fault injections that target control flow modifications. The originality of Lazart is twofold. First, we encompass the evaluation process as a whole: starting from a fault model, we produce attacks (or establish their absence), taking software countermeasures into consideration. Second, in line with the current state of the art, our methodology takes into account multiple transient fault injections and their combinations. The proposed approach is supported by a tool suite based on the LLVM format [3] and the KLEE symbolic test generator [4].
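The following is an added illustration of the evaluation process the abstract describes; it is not Lazart's own code and does not use KLEE or LLVM. It models the fault model most often used for control flow injections, test inversion (an attacked conditional branch takes the opposite outcome), on a VerifyPIN-style routine in two versions: a plain check, and the same check with a duplicated comparison as a software countermeasure. Instead of symbolic exploration, it enumerates every combination of at most k inverted branches on one concrete wrong PIN, reports each combination that grants access, and returns the minimal number of faults an attacker needs. The PIN values, the function names (`verify_pin_single`, `verify_pin_double`, `search_attacks`) and the `IF` macro are all assumptions made for this example.

```c
/* Added example (not Lazart's code): exhaustive exploration of a
 * test-inversion fault model on a VerifyPIN-style routine, with and
 * without a duplicated-check countermeasure.  Branch outcomes are
 * numbered in execution order; a fault mask selects which ones are
 * inverted, and every combination of at most k faults is tried.
 * The stored PIN and the attacker's guess are constructed test data. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PIN_LEN      4
#define MAX_BRANCHES 16   /* branch evaluations tracked per run (enough here) */

static uint32_t g_fault_mask;      /* bit i set: invert the i-th branch evaluated */
static unsigned g_branch_counter;  /* branches evaluated so far in the current run */

/* Evaluate a condition under the fault model. */
static bool faulty_branch(bool cond)
{
    unsigned idx = g_branch_counter++;
    if (idx < MAX_BRANCHES && (g_fault_mask & (1u << idx)))
        return !cond;
    return cond;
}
#define IF(c) if (faulty_branch(c))

static const uint8_t g_stored_pin[PIN_LEN] = {1, 2, 3, 4};   /* constructed */

/* Variant A: single comparison, no countermeasure. */
static bool verify_pin_single(const uint8_t *user)
{
    bool ok = true;
    for (int i = 0; i < PIN_LEN; i++)
        IF (user[i] != g_stored_pin[i]) ok = false;
    IF (ok) return true;
    return false;
}

/* Variant B: the comparison is redone before access is granted, so a
 * single inverted decision is no longer sufficient. */
static bool verify_pin_double(const uint8_t *user)
{
    bool diff = false;
    for (int i = 0; i < PIN_LEN; i++)
        IF (user[i] != g_stored_pin[i]) diff = true;
    IF (!diff) {
        bool diff2 = false;
        for (int i = 0; i < PIN_LEN; i++)
            IF (user[i] != g_stored_pin[i]) diff2 = true;
        IF (!diff2) return true;
    }
    return false;
}

typedef bool (*verify_fn)(const uint8_t *user);
typedef struct { int attacks; int min_faults; } search_result;

static int popcount32(uint32_t x) { int n = 0; while (x) { x &= x - 1; n++; } return n; }

/* Try every set of at most max_faults inverted branches; count the
 * distinct successful attacks and return the smallest number of faults
 * that grants access with a wrong PIN (-1 if none within the budget). */
static search_result search_attacks(verify_fn f, const uint8_t *user, int max_faults)
{
    search_result r = {0, -1};
    for (uint32_t mask = 0; mask < (1u << MAX_BRANCHES); mask++) {
        int nf = popcount32(mask);
        if (nf > max_faults) continue;
        g_fault_mask = mask;
        g_branch_counter = 0;
        bool granted = f(user);
        /* Bits aimed at branches never reached on this path do nothing:
         * such a mask is the same attack as a smaller one, so skip it. */
        uint32_t reached = g_branch_counter >= 32 ? 0xFFFFFFFFu
                                                  : (1u << g_branch_counter) - 1u;
        if (!granted || (mask & ~reached)) continue;
        r.attacks++;
        if (r.min_faults < 0 || nf < r.min_faults) r.min_faults = nf;
        printf("  attack with %d fault(s): mask 0x%04x\n", nf, mask);
    }
    return r;
}

int main(void)
{
    const uint8_t wrong[PIN_LEN] = {0, 0, 0, 0};   /* constructed attacker guess */
    printf("single check:\n");
    search_result a = search_attacks(verify_pin_single, wrong, 2);
    printf("double check:\n");
    search_result b = search_attacks(verify_pin_double, wrong, 2);
    printf("single: %d attack(s), minimal faults %d\n", a.attacks, a.min_faults);
    printf("double: %d attack(s), minimal faults %d\n", b.attacks, b.min_faults);
    return 0;
}
```

With a budget of two faults the plain check falls to one inverted decision (plus four redundant two-fault supersets of it), whereas the duplicated check needs both decisions inverted and resists any single fault. Lazart obtains the same kind of result symbolically over all inputs and for injection points chosen at the LLVM level; this brute-force version only covers one concrete input and the branches wrapped in `IF`, and its cost grows with the number of branches and the fault budget.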

[1] Mark Harman et al. Strong higher order mutation-based test data generation. ESEC/FSE '11, 2011.

[2] Moonzoo Kim et al. Industrial application of concolic testing approach: A case study on libexif by using CREST-BV and KLEE. ICSE 2012.

[3] Mike Papadakis et al. Automatic Mutation Test Case Generation via Dynamic Symbolic Execution. ISSRE 2010.

[4] Dawson R. Engler et al. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. OSDI 2008.

[5] Karine Heydemann et al. High Level Model of Control Flow Attacks for Smart Card Functional Security. ARES 2012.

[6] Mark Harman et al. Higher Order Mutation Testing. Information and Software Technology, 2009.

[7] Jean-Pierre Seifert et al. A new CRT-RSA algorithm secure against Bellcore attacks. CCS '03, 2003.

[8] Louis Goubin et al. Formal verification of a CRT-RSA implementation against fault attacks. Journal of Cryptographic Engineering, 2013.

[9] Jean-Louis Lanet et al. Evaluation of Countermeasures Against Fault Attacks on Smart Cards. 2011.

[10] Jean-Louis Lanet et al. SmartCM: a smart card fault injection simulator. IEEE WIFS 2011.

[11] David Naccache et al. The Sorcerer's Apprentice Guide to Fault Attacks. Proceedings of the IEEE, 2006.

[12] Koushik Sen et al. Symbolic execution for software testing: three decades later. Communications of the ACM, 2013.

[13] Nikolai Kosmatov et al. Automating structural testing of C programs: Experience with PathCrawler. ICSE Workshop on Automation of Software Test, 2009.

[14] Maria Christofi. Preuves de sécurité outillées d'implémentations cryptographiques (Tool-assisted security proofs of cryptographic implementations). 2013.

[15] Thomas W. Reps et al. WYSINWYX: What you see is not what you eXecute. TOPL, 2005.

[16] Ingrid Verbauwhede et al. The Fault Attack Jungle: A Classification Model to Guide You. FDTC 2011.

[17] Nikolai Kosmatov et al. Frama-C: A software analysis perspective. Formal Aspects of Computing, 2015.

[18] Mark Harman et al. An Analysis and Survey of the Development of Mutation Testing. IEEE Transactions on Software Engineering, 2011.

[19] Xavier Kauffmann-Tourkestansky. Analyses sécuritaires de code de carte à puce sous attaques physiques simulées (Security analysis of smart card C code using simulated physical attacks). 2012.

[20] David L. Dill et al. A Decision Procedure for Bit-Vectors and Arrays. CAV 2007.